The Hacker News

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Turla turns Kazuar into a 3-module P2P botnet, enabling stealthy C2, resilient tasking, and persistent access.
The Hacker News

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.
Security Boulevard

CVE-2026-42945: Imperva Customers Protected Against Critical NGINX Rewrite Module Vulnerability

TL;DR: Researchers recently disclosed CVE-2026-42945, a critical heap-based buffer overflow vulnerability affecting both NGINX Open Source and NGINX Plus. The flaw exists within the ...

18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...
SecurityWeek

PoC Code Published for Critical NGINX Vulnerability

Depthfirst has published technical details and proof-of-concept (PoC) exploit code targeting a critical NGINX vulnerability.
Morning Overview on MSN

An 18-year-old heap buffer overflow in NGINX gives attackers remote code execution — billions of devices run the affected module

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...
Morning Overview on MSN

An 18-year-old flaw in NGINX just gave attackers remote code execution on millions of web servers — nobody noticed for two decades

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical ...
NPR

Ukraine invasion — explained

The roots of Russia's invasion of Ukraine go back decades and run deep. The current conflict is more than one country fighting to take over another; it is — in the words of one U.S. official — a shift ...